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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

• Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
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2a)D This action is FINAL. 2b)^ This action is non-final. 
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6) E3 Claim(s) 1-27 is/are rejected. 
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DETAILED ACTION 



Claim Rejections - 35 USC§103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

2. Claim 1, 2, 6, 7, 12, 13, 17, 18, 22, 23, and 27 rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent No. 6,076,108 to Courts et al. in view of Douglas et al. 

Regarding claim 1, Courts et al. teaches a method of establishing a persistent relationship 
between an end user device and a server where the server is one of a plurality of servers managed 
by a dispatcher (column 3, lines 5-7 of Courts et al.) and the end user device accesses the server 
using a universal resource locator (URL) (column 5, lines 66-67 of Courts et al.) T the method 
comprising the steps of: receiving, at the dispatcher, a request for information from the end user 
device; determining, by the dispatcher, which of the plurality of servers to select for satisfying 
the request (column 3, lines 5-7 and column 5, lines 66-67 of Courts et al.); said key for 
accessing a storage area for information regarding the persistent relationship and the end user 
device (column 1, lines 45-50 of Courts et al.). 

Courts et al. does not teach of creating a token. Douglas et al. teaches creating, at the 
selected server, a token comprising at least an identifier for the selected server, a date/time 
stamp, and a key (column 2, lines 39-41 and column 4, lines 5-8 of Douglas et al.), inserting the 
token into the URL; and, sending, by the selected server to the client device, a response with the 



Application/Control Number: 09/557,708 Page 3 

Art Unit: 2143 

token inserted into the URL (column 4, lines 8-1 1 of Douglas et al.). Therefore it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to further 
modify the method for maintaining a state for a user session using a global session server by 
Courts et al. by creating a token because this notifies the system of the type of encryption 
information to use to encrypt the packet. 

Referring to claim 2, 13, and 23, Courts et al. teaches a method [a computer program 
product and a network dispatcher] as claimed in claim 1, 12, and 22 (column 3, lines 5-7 of 
Courts et al.). 

Courts et al. does not teach of encoding tokens using a modified Base64 encoding. 
Douglas et al. teaches wherein said token is encoded using a modified Base64 encoding (column 
4, lines 7-8 and 41-42 of Douglas et al.). Therefore it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to further modify the method for 
maintaining a state for a user session using a global session server by Courts et al. by encoding 
tokens using a modified Base64 encoding because this Base64 is one of many encryption 
methods. 

Referring to claim 7, Courts et al. teaches a method of routing a request by an end user 
device to a particular one of a plurality of redundant servers residing behind a network 
dispatching mechanism (column 3, lines 5-7 and column 6, line 5 of Courts et al.), said methods 
comprising the steps of: receiving, at the network dispatching mechanism, a request for 
information indicated by a uniform resource locator (URL) (column 5, lines 66-67 of Courts et 
al.); further determining, at the network dispatching mechanism, if a session binding is old 
(column 6, line 45 of Courts et al.); forwarding, by said network dispatching mechanism, the 
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request, including the URL, to the particular server (column 3, lines 5-7 and column 6, line 5 of 
Courts et al); removing, by said particular : server, said valid routing information from the URL; 
storing, by said particular server, routing information removed from said valid routing token, 
where said valid routing information can be accessed subsequently by an outbound data stream 
filter during the processing of an outbound reply related to said request (column 1, lines 48-53 of 
Courts et al.); accessing, by said particular server, a storage location where information regarding 
a session between the particular server and the end user device is stored; and inserting, by said 
particular server, said session information into said request (column 1, lines 52-55 of Courts et 
al.). 

Courts et al. does not teach of tokens. Douglas et al. teaches determining, at the network 
dispatching mechanism, if said URL contains a valid routing token; if said URL contains a valid 
routing token and said routing token is not old, forwarding, by said network dispatching 
mechanism, the request, including the URL, to the particular server indicated by said valid 
routing token (column 2, lines 27-29 of Douglas et al.). Therefore it would have been obvious to 
one of ordinary skill in the art at the time the invention was made to further modify the method 
for maintaining a state for a user session using a global session server by Courts et al. by having 
a routing token because this notifies the system of the type of encryption information to use to 
encrypt the packet and the validity of the packet. 

Regarding claim 12, Courts et al. teaches a computer program product having computer 
readable code means (column 1, lines 18-20 of Courts et al.) of establishing a persistent 
relationship between an end user device and a server where the server is one of a plurality of 
servers managed by a dispatcher (column 3, lines 5-7 of Courts et al.) and the end user device 
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accesses the server using a universal resource locator (URL) (column 5, lines 66-67 of Courts et 
al.), the computer program product comprising: computer readable code means of receiving, at 
the dispatcher, a request for information from the end user device; computer readable code 
means of determining, by the dispatcher, which of the plurality of servers to select for satisfying 
the request (column 3, lines 5-7 and column 5, lines 66-67 of Courts et al.); said key for 
accessing a storage area for information regarding the persistent relationship and the end user 
device (column 1, lines 45-50 of Courts et al). 

Courts et al. does not teach of creating a token. Douglas et al. teaches computer readable 
code means of creating, at the selected server, a token comprising at least an identifier for the 
selected server, a date/time stamp, and a key (column 2, lines 39-41 and column 4, lines 5-8 of 
Douglas et al), computer readable code means of inserting the token into the URL; and, 
computer readable code mans of sending, by the selected server to the client device, a response 
with the token inserted into the URL (column 4, lines 8-1 1 of Douglas et al.). Therefore it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to further 
modify the method for maintaining a state for a user session using a global session server by 
Courts et al. by creating a token because this notifies the system of the type of encryption 
information to use to encrypt the packet. 

Regarding claim 18, Courts et al teaches a computer program product having computer 
readable program code (column 1, lines 18-20 of Courts et al.) for routing a request by an end 
user device to a particular one of a plurality of redundant servers residing behind a network 
dispatching mechanism (column 3, lines 5-7 and column 6, line 5 of Courts et al.), said program 
product comprising: computer readable program code for receiving, at the network dispatching 
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mechanism, a request for information indicated by a uniform resource locator (URL) (column 5, 
lines 66-67 of Courts et al.); if said URL contains a valid routing token, computer readable 
program code for determining, at the network dispatching mechanism, if a session binding 
indicated by said routing token is old (column 6, line 45 of Courts et al.); computer readable 
program code for forwarding, by said network dispatching mechanism, the request, including the 
URL, to the particular server (column 3, lines 5-7 and column 6, line 5 of Courts et al ); 
computer readable program code for removing, by said particular server, said valid routing 
information from the URL; computer readable program code for storing, by said particular 
server, routing information removed from said valid routing token, where said valid routing 
information can be accessed subsequently by an outbound data stream filter during the 
processing of an outbound reply related to said request (column 1, lines 48-53 of Courts et al ); 
computer readable program code for accessing, by said particular server, a storage location 
where information regarding a session between the particular server and the end user device is 
stored; and computer readable program code for inserting, by said particular server, said session 
information into said request (column 1, lines 52-55 of Courts et al.). 

Courts et al. does not teach of tokens. Douglas et al. teaches computer readable program 
code for determining, at the network dispatching mechanism, if said URL contains a valid 
routing token if said URL contains a valid routing token and said routing token is not old, 
computer readable program code for forwarding, by said network dispatching mechanism, the 
request, including the URL, to the particular server indicated by said valid routing token (column 
2, lines 27-29 of Douglas et al.). Therefore it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to further modify the method for maintaining a state 



Application/Control Number: 09/557,708 Page 7 

Art Unit: 2143 

for a user session using a global session server by Courts et al. by having a routing token because 
this notifies the system of the type of encryption information to use to encrypt the packet and the 
validity of the packet. 

Referring to claim 22, Courts et al. teaches a network dispatcher for establishing a 
persistent relationship between an end user device and a server where the server is one of a 
plurality of servers managed by said network dispatcher (column 3, lines 5-7 of Courts et al.), 
said network dispatcher comprising: means for receiving a request for information from said end 
user device, said request for information including a uniform resource locator (URL) (column 5, 
lines 66-67 of Courts et al.); means for determining which of the plurality of servers to select for 
satisfying said request for information (column 3, lines 5-7 and column 5, lines 66-67 of Courts 
et al.); said key for accessing a storage area for information regarding the persistent relationship 
and the end user device (column 1, lines 45-50 of Courts et al.). 

Courts et al. does not teach of creating a token. Douglas et al. teaches means for creating, 
at said selected server, a token comprising at least an identifier for the selected server, a 
date/time stamp, and a key (column 2, lines 39-41 and column 4, lines 5-8 of Douglas et al.), 
means for inserting the token into the URL; and means for sending, by the selected server, a 
response with the token inserted into the URL to the client device (column 4, lines 8-1 1 of 
Douglas et al.). Therefore it would have been obvious to one of ordinary skill in the art at the 
time the invention was made to further modify the method for maintaining a state for a user 
session using a global session server by Courts et al. by creating a token because this notifies the 
system of the type of encryption information to use to encrypt the packet. 
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Regarding claim 6, 17, and 27, Courts et al. teaches a method [a computer program 
product and a network dispatcher] as claimed in claim 1,12, and 22 wherein said information 
regarding the persistent relationship is stored as a cookie on said server (column 5, lines 50-52 of 
Courts et al.). 

3. Claim 3-5, 14-16, and 24-26 rejected under 35 U.S.C. 103(a) as being unpatentable over 
US Patent No. 6,076,108 to Courts et al. in view of Douglas et al. as applied to claim 1, 2, 6, 7, 
12, 13, 17, 18, 22, 23, and 27 above, and further in view of Vanstone et al. 

Regarding claim 3, 14, and 24, Courts et al. in view of Douglas et al. a method [a 
computer program product and a network dispatcher] as claimed in claim 1,12, and 22 and 
tokens (column 2, lines 27-29 of Douglas et al.). 

Courts et al. in view of Douglas et al. does not teach checksum or hash verification field. 
Vanstone et al. teaches wherein said token has a checksum or hash verification field (column 2, 
lines 54-58 of Vanstone et al.). Therefore it would have been obvious to one of ordinary skill in 
the art at the time the invention was made to further modify the method for maintaining a state 
for a user session using a global session server by Courts et al. in view of Douglas et al. by 
having checksum or hash verification field because this helps in identifying the client. 

Referring to claim 4, 15, and 25, Courts et al. teaches a method [a computer program 
product and a network dispatcher] as claimed in claim 3, 14, and 24 (column 2, lines 27-29 of 
Douglas et al.). 

Courts et al. in view of Douglas et al. does not teach said hash is a SHA-1 hash. Vanstone 
et al. teaches wherein said hash is a SHA-1 hash computed over said identifier for said selected 
server, said date/time stamp, and said key (column 2, lines 40-41 of Vanstone et al ). Therefore it 
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would have been obvious to one of ordinary skill in the art at the time the invention was made to 
further modify the method for maintaining a state for a user session using a global session server 
by Courts et al. in view of Douglas et al. by having said hash is a SHA-1 hash because this helps 
in identifying the client and SHA-1 is a type of hash function. 

Referring to claim 5, 16, and 26, Courts et al. in view of Douglas et al. teaches a method 
[a computer program product and a network dispatcher] as claimed in claim 3, 14, and 24 and 
Base64 encoding (column 4, lines 41-42 of Douglas et al.). 

Courts et al. in view of Douglas et al. does not teach of checksum or hash. Vanstone et al. 
teaches wherein said checksum or hash (column 2, lines 56-58 of Vanstone et al.) is encoded. 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to further modify the method for maintaining a state for a user session using a global 
session server by Courts et al. in view of Douglas et al. by having checksum or hash because this 
helps in identifying the client. 

4. Claim 8, 9, and 19 rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
No. 6,076,108 to Courts et al. in view of Douglas et al. as applied to claim 1, 2, 6, 7, 12, 13, 17, 
18, 22, 23, and 27 above, and further in view of Colby et al. 

Regarding claim 8 and 19, Courts et al. in view of Douglas et al. teaches the method [The 
computer program product] as claimed in claim 7 and 18 and the URL (column 5, lines 66-67 of 
Courts et al.). 

Courts et al. in view of Douglas et al. does not teach of filtering. Colby et al. teaches 
wherein additional filtering of the URL is done prior to the forwarding step (column 12, lines 6-7 
of Colby et al.). Therefore it would have been obvious to one of ordinary skill in the art at the 
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time the invention was made to further modify the method for maintaining a state for a user 
session using a global session server by Courts et al. in view of Douglas et al. by filtering 
because this helps to authenticate the information more and also to retrieve more needed 
information from the packet. 

Regarding claim 9, Courts et al. in view of Douglas et al. teaches the methods claimed in 
claim 1 thru 8 and the dispatcher (column 3, lines 5-7 of Courts et al.). 

Courts et al. in view of Douglas et al. does not teach of filtering. Colby et al. wherein all 
filtering (column 12, lines 6-7 of Colby et al.) is performed within the dispatcher. Therefore it 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
further modify the method for maintaining a state for a user session using a global session server 
by Courts et al. in view of Douglas et al. by filtering because this helps to authenticate the 
information more and also to retrieve more needed information from the packet. 
5. Claim 10 and 20 rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
No. 6,374, 359 to Shrader et al. in view of Courts et al. 

Regarding claim 10, Shrader et al. teaches a method of sending information to a 
requesting end user from an application (column 5, lines 3-6 of Shrader et al.) over a session 
wherein said application resides at one of a plurality of redundant servers, said method 
comprisirg the steps of: receiving response information from said application, said response 
information including a URL (uniform resource locator) (column 5, lines 46-47 of Shrader et 
al.); determining if a key cookie has been used for storing session information between said end 
user and said application; if a key cookie has been used for storing session information, 
retrieving a session key from said key cookie; if a key cookie was not used for storing session 
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information, retrieving said session key from a control block (column 5, lines 19-22 and column 
7, lines 22-25 of Shrader et al.); removing all cookies from said response information; storing 
said removed cookies in a predetermined storage area (column 4, lines 35-37 of Shrader et al ); 
updating a date/time stamp in said sticky routing string (column 6, line 67 of Shrader et al.); 
inserting said sticky routing string into said URL; and transmitting said response information, 
including said URL, to said end user (column 1, lines 16-18 of Shrader et al.). 

Shrader et al. does not teach a network dispatcher or a sticky routing string. Courts et al. 
does teach redundant servers residing behind a network dispatcher (column 3, lines 5-7 of Courts 
et al.) updating said URL to indicate the removal of said cookies (column 1, lines 55-56 of 
Courts et al.); creating a sticky routing string (column 6, lines 6-8 of Courts et al.). Therefore it 
would have been obvious to one of ordinary skill in the art at the time the invention was made to 
further modify the method for dynamic use and validation of http cookies for authentication by 
Shrader et al. by having a network dispatcher or a sticky routing string because a dispatcher is 
needed to pass the packet to the server and sticky routing strings to help route request from the 
same client to the same server. 

Referring to claim 20, Shrader et al. teaches a computer program product having 
computer readable program means (column 3, line 59 of Shrader et al.) of sending information to 
a requesting end user from an application (column 5, lines 3-6 of Shrader et al.) over a session 
wherein said application resides at one of a plurality of redundant servers, said computer 
program product comprising: computer readable programming means of receiving response 
information from said application, said response information including a URL (uniform resource 
locator) (column 5, lines 46-47 of Shrader et al.); computer readable programming means of 
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determining if a key cookie has been used for storing session information between said end user 
and said application; if a key cookie has been used for storing session information, computer 
readable programming means of retrieving a session key from said key cookie; if a key cookie 
was not used for storing session information, computer readable programming means of 
retrieving said session key from a control block (column 5, lines 19-22 and column 7, lines 22-25 
of Shrader et al.); computer readable programming means of removing all cookies from said 
response information; computer readable programming means of storing said removed cookies in 
a predetermined storage area (column 4, lines 35-37 of Shrader et al.); computer readable 
programming means of updating a date/time stamp in said sticky routing string (column 6, line 
67 of Shrader et al.); computer readable programming means of inserting said sticky routing 
string into said URL; and computer readable programming means of transmitting said response 
information, including said URL, to said end user (column 1, lines 16-18 of Shrader et al ). 

Shrader et al. does not teach a network dispatcher or a sticky routing string. Courts et al. 
does teach redundant servers residing behind a network dispatcher (column 3, lines 5-7 of Courts 
et al.) computer readable programming means of updating said URL to indicate the removal of 
said cookies (column 1, lines 55-56 of Courts et al.); computer readable programming means of 
creating a sticky routing string (column 6, lines 6-8 of Courts et al.). Therefore it would have 
been obvious to one of ordinary skill in the art at the time the invention was made to further 
modify the method for dynamic use and validation of http cookies for authentication by Shrader 
et al by having a network dispatcher or a sticky routing string because a dispatcher is needed to 
pass the packet to the server and sticky routing strings to help route request from the same client 
to the same server. 
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6. Claim 1 1 and 21 rejected under 35 U.S.C. 103(a) as being unpatentable over US Patent 
No. 6,374, 359 to Shrader et al. in view of Courts et al. as applied to claim 10 and 20 above, and 
further in view of Colby et al. 

Regarding claim 1 1 and 21, Shrader et al. in view of Courts et al. teaches a method [a 
computer program product] as claimed in claim 10 and 20 and said response information 
(column 1, lines 53-55 of Courts et al.). 

Shrader et al. in view of Courts et al. does not teach of filtering. Colby et al. wherein, 
prior to said determining step, said response information is transmitted from said application 
through one or more filters (column 12, lines 6-7 of Colby et al.). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to further modify 
the method for dynamic use and validation of http cookies for authentication by Shrader et al. in 
view of Courts et al. by filtering because this helps to authenticate the information more and also 
to retrieve more needed information from the packet. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to April L Baugh whose telephone number is 703-305-53 17. The 
examiner can normally be reached on Monday-Friday 7:00am-3 :30pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, David A Wiley can be reached on 703-308-5221 . The fax phone numbers for the 
organization where this application or proceeding is assigned are 703-746-9149 for regular 
communications and 703-746-9149 for After Final communications. 
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Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is 703-305-3900. 

ALB 

March 21, 2003 




